aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrej E Baranov <admin@andrej-andb.ru>2013-10-13 01:02:03 +0200
committerDaniel Stenberg <daniel@haxx.se>2013-10-13 19:12:58 +0200
commit39beaa5ffbccd5b36ae576d32cab2ba0ed3901de (patch)
treea63a90d659ee1fab2a7abf8641fcd9fd330922d1
parent5df04bfafd13b641786892de95bd5c1f87059f1d (diff)
OpenSSL: use failf() when subjectAltName mismatches
Write to CURLOPT_ERRORBUFFER information about mismatch alternative certificate subject names. Signed-off-by: Andrej E Baranov <admin@andrej-andb.ru>
-rw-r--r--lib/ssluse.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 9974ac85e..ef0c88205 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1192,6 +1192,8 @@ static CURLcode verifyhost(struct connectdata *conn,
/* an alternative name field existed, but didn't match and then
we MUST fail */
infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
+ failf(data, "SSL: alternative certificate subject names does not match "
+ "target host name '%s'", conn->host.dispname);
res = CURLE_PEER_FAILED_VERIFICATION;
}
else {